Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
- In a very specific scenario, the authentication for this Asus router could be bypassed. All of these things had to be done:
- The submitted
asus_tokenstarts with a Null (0x0) - The request User-Agent matches an internal service UA (asusrouter--)
- The device has not been configured with an
ifttt_token(default state)
- The submitted
- The reason for passing in
Nullis because the validation of theifttt_tokenreturns NULL if the functionality is not in use. If theifttt_tokenis the same as theasus_tokenthis returns Null. - The author does not explain the
asusrouter--user agent. However, it is common for a header or UA to be used to denote if an internal service is being used. In this case, it is not a security issue but rather something to hit the service at all. - Interesting bypass that would ONLY be found by manually reviewing source code. I will likely add
\0to my input fuzzer list after reading this article.
